Add a wrapper for evasion attacks from foolbox library
Foolbox is a Python library that implements different adversarial attacks. We can include a wrapper to use their classes in our framework.
They recently released version 3 of the library, named foolbox native, which "has been rewritten from scratch using EagerPy instead of NumPy to achieve native performance on models developed in PyTorch, TensorFlow and JAX, all with one code base." We should evaluate if this could create any conflict with our dependencies.
The minimal list of attacks to support:
- CAttackEvasionFGSM (Fast Gradient Sign Method)
- CAttackEvasionCarliniWagnerL2
Implementation plan (to be completed)
- Add foolbox as an extra dependency
- Set up a new package adv.attacks.evasion.foolbox
- Create a new CAttackEvasionFoolbox class that inherits from CAttackEvasion
- Create a specific class CAttackEvasionXXX for each implementation
- Create tests for each wrapped attack (e.g., compare advx computed using foolbox with and without wrapper).
Checklist of missing tasks
- Define tests
- Test the wrapper on GPU
- Handle optional dependencies (PyTorch and Foolbox)
- Add other attacks for which we can define the optimization function (FGM, BIM, Deepfool, EAD, BB)
- Define a tutorial notebook for users
- Remove duplicated code where possible
- Fix f_opt taking the last point instead of the best
- Uniform order for input params
- Add docstrings to all attacks
- Code and docstrings cleanup
- Add docstrings to Secml Autograd modules
REFS
Edited by SecML-Bot